Ownership

Working as root is simpler, but it can easily cause serious damage to
the system. So create a user and work as that user whenever possible.
A user belongs to a primary group and optionally to
supplementary groups. Devices and daemons are also defined as
users and groups.

User account

useradd -m -G users,wheel,audio -s /bin/bash <username>

Creates the user account and its home directory, where the
files .bash_logout, .bash_profile and .bashrc and the empty directory
.ssh get created.

It uses the file /etc/default/useradd for the defaults.
However, it also uses settings in /etc/login.defs.

It also assigns a unique number to the user and assigns
numbers to the groups it belongs to.

passwd <username> sets a password

Over time a lot of other directories and files are created
in the user account. Most of them are hidden, which means their
names start with a . character. Some of them can be considered
garbage left by programs that are no longer installed, or can even
contain outdated, incompatible data that might cause
problems.

To delete a user: userdel <username>
or the same but including its data: userdel -r <username>

User definition

/etc/passwd contains the list of users:

<user>:<password>:<UID>:<GID>:<comment>:<Home directory>:<Shell>

GID (group ID) is the primary group of the user; if the user
creates a file, this is the group ID given to the
file.

root=0

system=1-99

users=100

own groups=101…

UID User ID

root=0

daemons=1-499 (daemons are programs running in the background)

users=500…

A file belongs to an owner and a group.

Important

Users have numbers (UID). Not the user name but the UID
is stored with files and directories. If you share data
between computers, make sure that your user has the same UID
on all computers! The same applies to the primary
GID.

In the past the passwords were in this file, but now it
contains just an x, since /etc/passwd is too easily accessible and
therefore creates a security risk. So the passwords got moved
to /etc/shadow, which is accessible just by root. See man 5 shadow.
The file contains additional data, such as the
expiration date of a password.

Password * means nobody can log in. Nothing means no
password and you will get prompted for one when you log in
next time.

chown -R <my name> /home/<my name> to fix the user name.

Group definition

For the groups, /etc/group contains the configuration:

<group name>:<password>:<GID>:<list of users>

Groups have a password and a group ID. The password is
usually not used; it allowed users who knew the password to add
themselves to other groups. This is now commonly done by the
administrator having root privileges.

Users belong to a primary group but can also belong to a
supplementary group. Users using this group as a supplementary
group are added here as well.

The supplementary groups are where the user has access
rights, but only the primary group from /etc/passwd is the group
with which files and directories are created. There are different
philosophies on how groups are assigned:

every user has as primary group the group: users

every user has as primary group a group with the
same name as the <username> and has the secondary group: users

The first method is more open. Sensitive data should be
kept in encrypted directories (such as encfs).

The second method, which has become the default, is more
restrictive and can easily block file read access between
users. /etc/login.defs sets this behavior when it contains

USERGROUPS_ENAB yes

Manually changing the user number and group number
afterwards is possible but obviously not the standard way to
go. usermod is the way.

chgrp -R <primary group name = username> /home/<username>
will assign the group ownership to all files in the user account

Resetting Linux passwords

Passwords can be reset by using a live CD, or by mounting the
physical hard disk on another computer, and deleting the
passwords in /etc/shadow.

Just make the password field empty since this means no
password and next time you will be prompted to add a new
password.

So change

root:<Some string>:<some number>:0:::::

to

root::<some number>:0:::::
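
Since an empty password field means an account without a password, and the UID rather than the name decides who an account is, an administrator can scan both files for such entries. The following is an added example, not part of the original page: the function names audit_accounts and demo_audit are chosen here, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files for risky account entries.
# Prints one finding per line as "<check>:<user(s)>[:<uid>]", sorted.
audit_accounts() {
    {
        # passwd fields: user:password:UID:GID:comment:home:shell
        awk -F: '
            $0 == "" || /^#/ { next }
            NF != 7  { print "malformed-passwd:" $1; next }
            $2 == "" { print "empty-passwd-field:" $1 }
            $3 == 0 && $1 != "root" { print "uid0-not-root:" $1 }
            { names[$3] = names[$3] (n[$3]++ ? "," : "") $1 }
            END { for (u in n) if (n[u] > 1) print "duplicate-uid:" names[u] ":" u }
        ' "$1"
        # shadow: an empty second field means the account has no password
        awk -F: '
            $0 == "" || /^#/ { next }
            $2 == "" { print "empty-shadow-field:" $1 }
        ' "$2"
    } | LC_ALL=C sort
}

# Constructed sample data (not from any real system), written to a temp dir.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second admin:/root:/bin/sh
carol:x:1000:1002:Carol:/home/carol:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
alice::19000:0:99999:7:::
bob:*:19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

On a real system the call is audit_accounts /etc/passwd /etc/shadow, run as root because /etc/shadow is not readable by other users.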

Resetting Windows Passwords

Maybe this is not necessary since Linux can read the
Windows disk (if not encrypted).

fdisk -l shows the disks

The disk must be writable, so ntfs-3g /dev/sd<nm> /mnt/windows
and repeat this for all the partitions.

cd <...>/Windows/System32/config

chntpw -l SAM shows all Windows users

chntpw -u <username> SAM modifies the user information, such as
clearing the password and unlocking the account

Working with different computers

Multiple computers on a network usually exchange files
between them. To keep it simple make sure that:

the user number assignment (UID) is consistent
between the computers

the primary group number assignment (GID) is
consistent between the computers.

The numbers are more important than the names, since they
are stored with the individual files. The names are just
defined in /etc/passwd and /etc/group.

To fix the ownership edit /etc/passwd and /etc/group or use a tool for it.

For people that like it complicated, NIS (Network
Information Service) is used to coordinate user accounts and
group data over a network.
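
To check the consistency described in this section, the /etc/passwd files of two computers can be compared by number rather than by name. The following is an added example, not part of the original page: it reports names whose UID or primary GID differ, and UIDs that belong to a different name on the second computer, so that files would change owner when moved. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two passwd-format files (copies from two hosts).
# Usage: compare_ids PASSWD_HOST_A PASSWD_HOST_B
compare_ids() {
    awk -F: '
        $0 == "" || /^#/ { next }
        # First file: remember UID and primary GID per name, and name per UID.
        FILENAME == ARGV[1] { uid[$1] = $3; gid[$1] = $4; owner[$3] = $1; next }
        # Second file: the same name must map to the same numbers ...
        ($1 in uid) && uid[$1] != $3 { print "uid-mismatch:" $1 ":" uid[$1] ":" $3 }
        ($1 in uid) && gid[$1] != $4 { print "gid-mismatch:" $1 ":" gid[$1] ":" $4 }
        # ... and a UID must not belong to a different name on the other host.
        ($3 in owner) && owner[$3] != $1 { print "uid-reused:" $3 ":" owner[$3] ":" $1 }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data (not from any real system), written to a temp dir.
demo_compare() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd.hostA" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
    cat > "$dir/passwd.hostB" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:1001:Bob:/home/bob:/bin/bash
dave:x:1000:1000:Dave:/home/dave:/bin/bash
EOF
    compare_ids "$dir/passwd.hostA" "$dir/passwd.hostB"
    rm -rf "$dir"
}

demo_compare
```

A uid-reused line is the case to fix first: files written by the first name on one computer show up as owned by the second name on the other.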

Commands and behavior

passwd is the command to change the password. passwd <username>
can be used by root to reset/set a user password.

groups shows the groups where I’m a member

groupadd creates a new group

useradd -m -G users <username> adds a new user

usermod modifies a user

userdel deletes a user

groupmod modifies a group

groupdel deletes a group

id <username> shows the UID and to what groups <username> belongs.
id does the same with the current user

chown changes the file owner. The following command sets <username>
as the owner of all files in the user's home directory:
chown -R <username> /home/<username>

chgrp changes the primary group ownership. The following command sets
<primarygroup> for all files in the home directory:
chgrp -R <primarygroup> /home/<username>.
In case <primarygroup> is the same string as <username>, the command
is chgrp -R <username> /home/<username>